#
# smartmontools drive database update script
#
-# Copyright (C) 2010-16 Christian Franke
+# Home page of code is: http://www.smartmontools.org
#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2, or (at your option)
-# any later version.
+# Copyright (C) 2010-18 Christian Franke
#
-# You should have received a copy of the GNU General Public License
-# (for example COPYING); If not, see <http://www.gnu.org/licenses/>.
+# SPDX-License-Identifier: GPL-2.0-or-later
#
-# $Id: update-smart-drivedb.in 4224 2016-02-26 20:29:24Z chrfranke $
+# $Id: update-smart-drivedb.in 4879 2018-12-28 22:05:12Z chrfranke $
#
set -e
# Set by config.status
+@ENABLE_SCRIPTPATH_TRUE@export PATH="@scriptpath@"
PACKAGE="@PACKAGE@"
VERSION="@VERSION@"
prefix="@prefix@"
# Default drivedb location
DRIVEDB="$drivedbdir/drivedb.h"
+# GnuPG used to verify signature (disabled if empty)
+GPG="@gnupg@"
+
# Smartctl used for syntax check
SMARTCTL="$sbindir/smartctl"
+# PATH information for help and error messages
+@ENABLE_SCRIPTPATH_FALSE@pathinfo='$PATH'
+@ENABLE_SCRIPTPATH_TRUE@pathinfo="'$PATH'"
+
myname=$0
usage()
{
+@ENABLE_SCRIPTPATH_TRUE@ pathinfo="
+@ENABLE_SCRIPTPATH_TRUE@ $pathinfo"
cat <<EOF
smartmontools $VERSION drive database update script
-s SMARTCTL Use SMARTCTL for syntax check ('-s -' to disable)
[default: $SMARTCTL]
-t TOOL Use TOOL for download: $os_dltools
- [default: first one found in PATH]
+ [default: first one found in $pathinfo]
-u LOCATION Use URL of LOCATION for download:
- sf (Sourceforge code browser via HTTPS)
- svn (SVN repository via HTTPS) [default]
- svni (SVN repository via HTTP)
- trac (Trac code browser via HTTPS)
+ github (GitHub mirror of SVN repository)
+ sf (Sourceforge code browser)
+ svn (SVN repository) [default]
+ svni (SVN repository via HTTP instead of HTTPS)
+ trac (Trac code browser)
+ --trunk Download from SVN trunk (may require '--no-verify')
--cacert FILE Use CA certificates from FILE to verify the peer
--capath DIR Use CA certificate files from DIR to verify the peer
--insecure Don't abort download if certificate verification fails
+ --no-verify Don't verify signature
+ --export-key Print the OpenPGP/GPG public key block
--dryrun Print download commands only
-v Verbose output
Updates $DRIVEDB
-or DESTFILE from smartmontools SVN repository.
-Tries to download first from branch $BRANCH
-and then from trunk.
+or DESTFILE from branches/$BRANCH of smartmontools
+SVN repository.
EOF
exit 1
}
exit 1
}
+err_notfound()
+{
+ case $1 in
+ */*) error "$1: not found $2" ;;
+ *) error "$1: not found in $pathinfo $2" ;;
+ esac
+}
+
warning()
{
echo "$myname: (Warning) $*" >&2
selecturl()
{
case $1 in
+ github) # https://github.com/smartmontools/smartmontools/raw/origin/$BRANCH/smartmontools/drivedb.h
+ # https://github.com/smartmontools/smartmontools/raw/master/smartmontools/drivedb.h
+ # redirected to:
+ url='https://raw.githubusercontent.com/smartmontools/smartmontools/master/smartmontools/drivedb.h' ;;
sf) url='https://sourceforge.net/p/smartmontools/code/HEAD/tree/trunk/smartmontools/drivedb.h?format=raw' ;;
svn) url='https://svn.code.sf.net/p/smartmontools/code/trunk/smartmontools/drivedb.h' ;;
svni) url='http://svn.code.sf.net/p/smartmontools/code/trunk/smartmontools/drivedb.h' ;;
# download URL FILE
download()
{
- local f u se rc
+ local f u rc
u=$1; f=$2
rc=0
return $rc
}
+# check_file FILE FIRST_CHAR MIN_SIZE MAX_SIZE
+check_file()
+{
+ local firstchar f maxsize minsize size
+ test -z "$dryrun" || return 0
+ f=$1; firstchar=$2; minsize=$3; maxsize=$4
+
+ # Check first chars
+ case `dd if="$f" bs=1 count=1 2>/dev/null` in
+ $firstchar) ;;
+ \<) echo "HTML error message"; return 1 ;;
+ *) echo "unknown file contents"; return 1 ;;
+ esac
+
+ # Check file size
+ size=`wc -c < "$f"`
+ if test "$size" -lt $minsize; then
+ echo "too small file size $size bytes"
+ return 1
+ fi
+ if test "$size" -gt $maxsize; then
+ echo "too large file size $size bytes"
+ return 1
+ fi
+ return 0
+}
+
+# unexpand_svn_id < INFILE > OUTFILE
+unexpand_svn_id()
+{
+ sed 's,\$''Id'': drivedb\.h [0-9][0-9]* 2[-0-9]* [012][:0-9]*Z [a-z][a-z0-9]* \$,$''Id''$,'
+}
+
+# Smartmontools Signing Key (through 2020)
+# <smartmontools-database@listi.jpberlin.de>
+# Key ID 721042C5
+public_key="\
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBFwmhpUBEADRoOZaXq13MrqyAmbGe6FlHi6P9ujsT/SJGhTiAoN3W1X56Dbm
+KP21nO9ZAjdXnvA2OmzppfCUX7v5Q3/TG3vN3WwfyQIO/dgSaTrGa1E8odbHEGc7
+rhzYA8ekAn3TmxhOrEUTcRIogumW0zlQewHOlTe0OYsxat6/N8l3Cqn28HwZUpRH
+MrJW3RgefFihQGEhXlnfzo+Tltl14IriURbwBZIDeZOk2AWLGweI0+zqTgYSbF5A
+tI5rXO1QDeoyBYZhSX3MtnncwPdCnxoRasizU5w3KoZWYyKAc5bxJBJgUUp9HDOu
+ATgNqekc8j28x/cUAWerXe183SBYQp0QkzMPbmE9TCGW3GjtW+Kk/NDbNe8ufj6O
+hk0r7EbGyBO0qvgzHLzSsQiSsgaMCkLc5Xt4NzB4g2DvnReFU2WwgRh031lHOVLm
+mvFqRtHzJb20dKufyjOmSMzNKRzURVmobECKARaBlGNP0wHYhq97n4OxM1o0eq7a
+4ugaSp2q+6BSaAQhbZN8ULCF/oGA/376Sz7RNuoOmQwl9aFqnfl3YgopBIqKvnSP
+h4j0QynN45rUFOe/VywTmpWKj+DonGCupxe9VvyZ87NKRgKiHprXGDrhdB0GcNXM
+wV66WbjKBV7qlpSh/GH3oiHwlcYT8LNyZbxTJXcVF5ODtlZfc9zqRtUBWQARAQAB
+tFNTbWFydG1vbnRvb2xzIFNpZ25pbmcgS2V5ICh0aHJvdWdoIDIwMjApIDxzbWFy
+dG1vbnRvb2xzLWRhdGFiYXNlQGxpc3RpLmpwYmVybGluLmRlPokCPgQTAQIAKAUC
+XCaGlQIbAwUJA8etAAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ6nSrJXIQ
+QsWXYQ/+IVHGQxDOg7lMX9iDbg/UDj/zrQfsJR2HQ2j0iI8TmsQLSK4pphwN0r9D
+g0BuKhQBe3wPphLjwD40HueKatIacE91PgLse/KWmEe4OoQCDxshiIGad3YoIF3X
+yrJg6pcMLOAnfT55Tg04EmWpT1LzWTJmH8RL2iftTM217Q2JnfQGKicTiD/GiYV1
+oyFUvn+H5/u5O7UYhvWKBcccJtal2uhc6h8U2HugMV0SpNM5p83oGDZkV0YYSJ0C
+044im1+axbz06Aeq7Uh3JFScCcbjl+SQ7gK0NJF39uI8HbwC7fcfySCj5JDuVeaq
+KjahWctKa/D6nauKA8+LIGOckkf2oN0sJBrES7Zn8ImHYN/1wLCff9oIDAlux6Jk
+BZ6+MqIJKHit4SSYPd3QnkdI1ehn+2EdxK9VSBU0W2ZPlZmoUSamWboloumhwYyN
+86ohFVJWnN4YWlZiJNJlxj/F6d4GTEJBFqoK9yStdz8Dsg16sAwuNYFVFtCKaesA
+keuhcS3SfoFXwLsz+8cLfHVdsBHmm9/OCfNtOm3EPJqaD57lL5ocTWQeLaAqUCse
+rOCDoIUZul5e6kRytjjNIHFNufWTbuw4YlYM3+FU1nkgckmhw4M9kI/xGtVj7bvs
+tJKKN976kOoRZRIAL+9SlC+3Tqd9a4y4RRjYongvFzqpqRlQfS+JARwEEwECAAYF
+AlwmhpwACgkQL83sC9OvGqsVOggAqLB5eQrUv8E9ikD6kJCito827bzDWF29yD7P
+vfhjXaz5in54jOVpwg3o9CsqIjjRW0/1bBVswC8ZL0sAdZ+GDSDMw5F2IpkD77gj
+nFY79M/e6C9xYyxYzHC7emDPSz9IroOvdkkEgrB+OABKkaOCcS18P4Lk3WNHaPw5
+c7aI0z1iJP52EmSfvB8r86mtUFJB+f15eD/4vaRfkZLFjF9FQ3kgEK1U+rV4s1O2
+bCFfP3WPDcc83NgwRUvtXmcSOSOIoXnemJzyJr+JnqCWVET4XWF6i20mRFXVEpWt
+f5AkJYgR3z/jW0djELbBWA/35bAnpXy5pDHv9NbZsTkBZxK/kokBHAQTAQIABgUC
+XCaGnQAKCRAY7NpGy/a6xn4lB/90tXTnZsgmoftol9uivfQrPdR88WmOZLYmUeQA
+d1rqSFMxe+KzO/qLuU8s6OF4nznwL2cPfbGZxezM4PiYmAmbbEU/3gTONwjVBBA0
+Gfimy/fITEezFtCigo1thkaJ195g/dqY+zE3Vt4rzC03j1vx8mUHRPU6kkvKj8cP
+0j+XHX2xQDsTXTstfnom29wBmGnvSZ9HgcdL71e1VXJXwikmnO3P4J/1C2LeCOlW
+rGqWZ2c0WBLKdJnsYUx7Dm/OvkkB4lF+zWp98zS8jS/5h+1apVgEzrdTMvT8ydTk
+Ur7ObKGkIhK+L+Xo5BD+V9Qf6xKGYPwhhdj/E5/kyjULrm10iQEcBBMBAgAGBQJc
+JoadAAoJEPOHY87f0iVZfiUH/3yKS5wGvTeRInse8+W1WzKuto3XzqXLngb9QXWw
+7nCwqmNS7PbzDnufQi2ThKrMfcK14WgNYABNZPU75I+6bcb0oCB5tlooIUEV/2Ut
+/5Hl/83zFFoNA/kQKVz8kIDqgRcxC+zY2VJ4eTKHyQDvXygVk8wnKTBae3gX+CIZ
+qJHPXiiygHlbl31Mi3G1Iaxu57dP6ocV0vX1dytKSwd4Rbviwwb4L76o/tVT9t3G
+wFM15uK1SqtnAaiaktEdMi3XI4d01H3VUVz/iR0XQbf13RZoEM6CJWmsQ/qvYlwk
+bKOdlahjoHrFlkhADSBaO9N1OZp3OYDjziIujMdt2IPKnmM=
+=0uFV
+-----END PGP PUBLIC KEY BLOCK-----
+"
+
+# gpg_verify FILE.asc FILE
+gpg_verify()
+{
+ local gnupgtmp opts out rc
+ opts="--quiet ${q:+--no-secmem-warnin} --batch --no-tty"
+
+ # Create temp home dir
+ gnupgtmp="$tmpdir/.gnupg.$$.tmp"
+ rm -f -r "$gnupgtmp"
+ mkdir "$gnupgtmp" || exit 1
+ chmod 0700 "$gnupgtmp"
+
+ # Import public key
+ "$GPG" $opts --homedir="$gnupgtmp" --import <<EOF
+$public_key
+EOF
+ test $? = 0 || exit 1
+
+ # Verify
+ rc=0
+ out=`"$GPG" $opts --homedir="$gnupgtmp" --verify "$1" "$2" </dev/null 2>&1` || rc=1
+ vecho "$out"
+
+ rm -f -r "$gnupgtmp"
+ return $rc
+}
+
+# mv_all PREFIX OLD NEW
+mv_all()
+{
+ mv "${1}${2}" "${1}${3}"
+ mv "${1}${2}.raw" "${1}${3}.raw"
+ mv "${1}${2}.raw.asc" "${1}${3}.raw.asc"
+}
+
# Parse options
smtctl=$SMARTCTL
tool=
url=
q="-q"
dryrun=
+trunk=
cacert=
capath=
insecure=
+no_verify=
while true; do case $1 in
-s)
--dryrun)
dryrun=t ;;
+ --trunk)
+ trunk=trunk ;;
+
--cacert)
shift; test -n "$1" || usage
cacert=$1 ;;
--insecure)
insecure=t ;;
+ --no-verify)
+ no_verify=t ;;
+
+ --export-key)
+ cat <<EOF
+$public_key
+EOF
+ exit 0 ;;
+
-*)
usage ;;
break
fi
done
- test -n "$tool" || error "found none of: $os_dltools"
+ test -n "$tool" || error "found none of '$os_dltools' in $pathinfo"
fi
test -n "$url" || selecturl "svn"
lynx:t) warning "'--insecure' is ignored if '-t lynx' is used" ;;
esac
-# Try possible branch first, then trunk
-errmsg=
-errmsg2=
-for location in "branches/$BRANCH" "trunk"; do
- test -z "$errmsg" || errmsg2=$errmsg
- vecho "Download from $location with $tool"
-
- # Adjust URL
- case $location in
- trunk) src=$url ;;
- *) src=`echo "$url" | sed "s,/trunk/,/$location/,"` ;;
- esac
-
- # Download
- test -n "$dryrun" || rm -f "$DEST.new" || exit 1
- rc=0
- download "$src" "$DEST.new" || rc=$?
- test -z "$dryrun" || continue
+# Check for smartctl
+if [ "$smtctl" != "-" ]; then
+ "$smtctl" -V >/dev/null 2>&1 \
+ || err_notfound "$smtctl" "('-s -' to ignore)"
+fi
- errmsg=
- if [ $rc != 0 ]; then
- errmsg="download from $location failed ($tool: exit $rc)"
- continue
- fi
+# Check for GnuPG
+if [ -z "$no_verify" ]; then
+ test -n "$GPG" \
+ || error "GnuPG is not available ('--no-verify' to ignore)"
+ "$GPG" --version >/dev/null 2>&1 \
+ || err_notfound "$GPG" "('--no-verify' to ignore)"
+fi
- # Check file contents
- case `sed 1q "$DEST.new"` in
- /*) ;;
- \<*)
- errmsg="download from $location failed (HTML error message)"
- continue ;;
- *)
- errmsg="download from $location failed (Unknown file contents)"
- continue ;;
- esac
+# Use destination directory as temp directory for gpg
+tmpdir=`dirname "$DEST"`
- # Check file size
- size=`wc -c < "$DEST.new"`
- if [ "$size" -lt 10000 ]; then
- errmsg="download from $location failed (too small file size $size bytes)"
- continue
- fi
- if [ "$size" -gt 1000000 ]; then
- errmsg="download from $location failed (too large file size $size bytes)"
- break
- fi
+# Adjust URLs
+src=`echo "$url" | sed -e "s,/trunk/,/branches/$BRANCH/," \
+ -e "s,/master/,/origin/$BRANCH/,"`
+src_asc=`echo "$src" | sed "s,/drivedb\.h,/drivedb.h.raw.asc,"`
+test -z "$trunk" || src=$url
- break
-done
+# Download
+test -n "$dryrun" || rm -f "$DEST.new" "$DEST.new.raw" "$DEST.new.raw.asc"
-test -z "$dryrun" || exit 0
+vecho "Download ${trunk:-branches/$BRANCH}/drivedb.h with $tool"
+rc=0
+download "$src" "$DEST.new" || rc=$?
+if [ $rc != 0 ]; then
+ rm -f "$DEST.new"
+ error "${trunk:-$BRANCH}/drivedb.h: download failed ($tool: exit $rc)"
+fi
+if ! errmsg=`check_file "$DEST.new" '/' 10000 1000000`; then
+ mv "$DEST.new" "$DEST.error"
+ error "$DEST.error: $errmsg"
+fi
-if [ -n "$errmsg" ]; then
+vecho "Download branches/$BRANCH/drivedb.h.raw.asc with $tool"
+rc=0
+download "$src_asc" "$DEST.new.raw.asc" || rc=$?
+if [ $rc != 0 ]; then
+ rm -f "$DEST.new" "$DEST.new.raw.asc"
+ error "$BRANCH/drivedb.h.raw.asc: download failed ($tool: exit $rc)"
+fi
+if ! errmsg=`check_file "$DEST.new.raw.asc" '-' 200 2000`; then
rm -f "$DEST.new"
- test -z "$errmsg2" || echo "$myname: $errmsg2" >&2
- error "$errmsg"
+ mv "$DEST.new.raw.asc" "$DEST.error.raw.asc"
+ error "$DEST.error.raw.asc: $errmsg"
fi
-# Adjust timestamp and permissions
-touch "$DEST.new"
-chmod 0644 "$DEST.new"
+test -z "$dryrun" || exit 0
+
+# Create raw file with unexpanded SVN Id
+# (This assumes newlines are LF and not CR/LF)
+unexpand_svn_id < "$DEST.new" > "$DEST.new.raw"
+
+# Adjust timestamps and permissions
+touch "$DEST.new" "$DEST.new.raw" "$DEST.new.raw.asc"
+chmod 0644 "$DEST.new" "$DEST.new.raw" "$DEST.new.raw.asc"
+
+if [ -z "$no_verify" ]; then
+ # Verify raw file
+ if ! gpg_verify "$DEST.new.raw.asc" "$DEST.new.raw"; then
+ mv_all "$DEST" ".new" ".error"
+ test -n "$trunk" || error "$DEST.error.raw: *** BAD signature ***"
+ error "$DEST.error.raw: signature from branch no longer valid ('--no-verify' to ignore)"
+ fi
+fi
if [ "$smtctl" != "-" ]; then
# Check syntax
- rm -f "$DEST.error"
- if "$smtctl" -B "$DEST.new" -P showall >/dev/null; then
- test -n "$q" || echo "$smtctl: syntax OK"
- else
- mv "$DEST.new" "$DEST.error"
- echo "$DEST.error: rejected by $smtctl, probably no longer compatible" >&2
- exit 1
+ if ! "$smtctl" -B "$DEST.new" -P showall >/dev/null; then
+ mv_all "$DEST" ".new" ".error"
+ error "$DEST.error: rejected by $smtctl, probably no longer compatible"
fi
+ vecho "$smtctl: syntax OK"
fi
# Keep old file if identical, ignore missing Id keyword expansion in new file
rm -f "$DEST.lastcheck"
if [ -f "$DEST" ]; then
- if cmp "$DEST" "$DEST.new" >/dev/null 2>/dev/null \
- || cat "$DEST" | sed 's|\$''Id''[^$]*\$|$''Id''$|' \
- | cmp - "$DEST.new" >/dev/null 2>/dev/null; then
- rm -f "$DEST.new"
- touch "$DEST.lastcheck"
- echo "$DEST is already up to date"
- exit 0
+ if [ -f "$DEST.raw" ] && [ -f "$DEST.raw.asc" ]; then
+ if cmp "$DEST.raw" "$DEST.new.raw" >/dev/null 2>&1 \
+ && cmp "$DEST.raw.asc" "$DEST.new.raw.asc" >/dev/null 2>&1 \
+ && { cmp "$DEST" "$DEST.new" >/dev/null 2>&1 \
+ || cmp "$DEST.raw" "$DEST.new" >/dev/null 2>&1; }
+ then
+ rm -f "$DEST.new" "$DEST.new.raw" "$DEST.new.raw.asc"
+ touch "$DEST.lastcheck"
+ echo "$DEST is already up to date"
+ exit 0
+ fi
+ mv_all "$DEST" "" ".old"
+ else
+ mv "$DEST" "$DEST.old"
fi
- mv "$DEST" "$DEST.old"
fi
-mv "$DEST.new" "$DEST"
-
-echo "$DEST updated from $location"
+mv_all "$DEST" ".new" ""
+echo "$DEST updated from ${trunk:-branches/$BRANCH}${no_verify:+ (NOT VERIFIED)}"